首先介绍下CXF的拦截器:
简单地说,CXF使用流水线型(或者说总线型)处理机制,它的核心是一个Bus。一个客户端的请求或者一个对客户端桩代码的调用被组织成为一个Message。同时,所有的CXF功能都组织成Interceptor挂接在Bus上,分阶段依次处理Message。Message本质上是一个Map数据结构,既包含系统公共的也包含Interceptor自定义的数据。AbstractPhaseInterceptor<Message>这个抽象类拦截器类,自定义拦截器类可以继承它实现它其中一个抽象方法public void handleMessage(Message message) throws Fault如下代码实现:package com.jd.train.service.webservice.ipinterceptor;
import com.jd.train.service.util.CodesUtil;
import org.apache.cxf.interceptor.Fault;import org.apache.cxf.message.Message;import org.apache.cxf.phase.AbstractPhaseInterceptor;import org.apache.cxf.phase.Phase;import org.apache.cxf.transport.http.AbstractHTTPDestination;import org.apache.log4j.LogManager;import org.apache.log4j.Logger;import javax.servlet.http.HttpServletRequest;
import java.util.List;/**
* Created by IntelliJ IDEA. * User: zhangzhaozhao * Date: 12-3-26 * Time: 下午4:06 * To change this template use File | Settings | File Templates. */public class IpAddressInInterceptor extends AbstractPhaseInterceptor<Message> { //这个属性是注入进来的,你也可以从properties,xml文件中去读取,也可以从数据库中去获取; private List<String> ipList;public void setIpList(List<String> ipList) {
this.ipList = ipList; }private final static Logger logger = LogManager.getLogger(IpAddressInInterceptor.class);
public IpAddressInInterceptor() { super(Phase.RECEIVE); }public void handleMessage(Message message) throws Fault {
//指定CXF获取客户端的HttpServletRequest : http-request; HttpServletRequest request = (HttpServletRequest) message.get(AbstractHTTPDestination.HTTP_REQUEST); String ipAddress=""; boolean flag = false; if (null != request) { ipAddress = getUserIpAddr(request); // 取客户端IP地址 logger.info("请求客户端的IP地址:" + ipAddress); for (String s : ipList) { if (s.equals(ipAddress)) { flag = true; break; } } } if(!flag) { throw new Fault(new IllegalAccessException("IP address " + ipAddress + " is stint")); } }/**
* 获取IP地址的方法 * @param request * @return */ private String getUserIpAddr(HttpServletRequest request) { //获取经过代理的客户端的IP地址; 排除了request.getRemoteAddr() 方法 在通过了Apache,Squid等反向代理软件就不能获取到客户端的真实IP地址了 String ip = CodesUtil.getIpAddr(request); if (ip != null && ip.indexOf(",") > 0) { logger.info("取到客户多个ip1====================" + ip); String[] arr = ip.split(","); ip = arr[arr.length - 1].trim();//有多个ip时取最后一个ip logger.info("取到客户多个ip2====================" + ip); } return ip; }}看下Spring 配置文件的信息:
<beans xmlns=""
xmlns:xsi="" xmlns:jaxws="" xmlns:http-conf="" xmlns:cxf="" xsi:schemaLocation=" " default-autowire="byName"><import resource="classpath:META-INF/cxf/cxf.xml"/>
<import resource="classpath:META-INF/cxf/cxf-extension-soap.xml"/> <import resource="classpath:META-INF/cxf/cxf-servlet.xml"/><jaxws:endpoint id="messageNotifyServices" address="/MessageNotifyServices" >
<jaxws:implementor> <bean class="com.jd.train.service.webservice.impl.MessageNotifyServicesImpl"/> </jaxws:implementor> <jaxws:inInterceptors> <ref bean="ipInterceptor"/> </jaxws:inInterceptors> </jaxws:endpoint> <!-- 订单推送WebService接口--> <jaxws:endpoint id="orderStatusServices" address="/OrderStatusServices"> <!--这是需要发布的实现类 --> <jaxws:implementor> <bean class="com.jd.train.service.webservice.impl.OrderStatusServicesImpl"/> </jaxws:implementor> <jaxws:inInterceptors> <ref bean="ipInterceptor"/> </jaxws:inInterceptors> </jaxws:endpoint><!--毫秒单位 name 为 webservice 的域名 或者地址-->
<http-conf:conduit name="${train.api.domain.name}.*"> <http-conf:client ConnectionTimeout="10000" ReceiveTimeout="20000"/> </http-conf:conduit><bean id="logIn" class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
<bean id="logOut" class="org.apache.cxf.interceptor.LoggingOutInterceptor"/> <!-- 自定义拦截器--> <bean id="ipInterceptor" class="com.jd.train.service.webservice.ipinterceptor.IpAddressInInterceptor"/> <!-- 合法的IP地址,如果第三方IP变动需要修改 --> <bean id="ipList" class="java.util.ArrayList"> <constructor-arg> <list> <value>114.80.202.120</value> </list> </constructor-arg> </bean><!-- CXF 全局的拦截器-->
<cxf:bus> <cxf:inInterceptors> <ref bean="logIn"/> </cxf:inInterceptors> <cxf:outInterceptors> <ref bean="logOut" /> </cxf:outInterceptors> </cxf:bus></beans>
解释下里面东西:
<jaxws:endpoint id="messageNotifyServices" address="/MessageNotifyServices" ><jaxws:implementor> <bean class="com.jd.train.service.webservice.impl.MessageNotifyServicesImpl"/></jaxws:implementor><jaxws:inInterceptors> <ref bean="ipInterceptor"/></jaxws:inInterceptors></jaxws:endpoint><!-- 订单推送WebService接口--><jaxws:endpoint id="orderStatusServices" address="/OrderStatusServices"><!--这是需要发布的实现类 --><jaxws:implementor> <bean class="com.jd.train.service.webservice.impl.OrderStatusServicesImpl"/></jaxws:implementor><jaxws:inInterceptors> <ref bean="ipInterceptor"/></jaxws:inInterceptors></jaxws:endpoint>这两个是我发布出去的WebService 接口(这里需要你自己去实现,我并没有把代码贴出来);<jaxws:inInterceptors> <ref bean="ipInterceptor"/></jaxws:inInterceptors> 这个是自定义的拦截器类说到这里需要注意下了:如果把自定义的拦截器引入到发布出去的接口当中,而不是引入到全局的<cxf:bus>中,这样只对你发布出去的接口起作用如果配置到全局的<cxf:bus>中对你访问第三方的WebService接口和别人访问你发布出去的WebService接口,都起到拦截作用,我开发过程遇到此问题,我调用第三方的webService接口时候也被拦截了,其中在自定义拦截器的HttpServletRequest request = (HttpServletRequest) message.get(AbstractHTTPDestination.HTTP_REQUEST);request是null ,并且IP也被过过滤掉了,使其我不能访问第三方的接口了.第二个问题:就是Spring 配置文件的头信息 搞进去!第三个问题:就是在获取客户IP时候,request.getRemoteAddr()取得客户端的IP地址,但是在通过了Apache,Squid等反向代理软件就不能获取到客户端的真实IP地址了。经过代理以后,由于在客户端和服务之间增加了中间层,因此服务器无法直接拿到客户端的IP,服务器端应用也无法直接通过转发请求的地址返回给客户端。但是在转发请求的HTTP头信息中,增加了X-FORWARDED-FOR信息用以跟踪原有的客户端IP地址和原来客户端请求的服务器地址。给出比较靠谱实现: public static String getIpAddr(HttpServletRequest request) { String ip = request.getHeader("x-forwarded-for"); if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("Proxy-Client-IP"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("WL-Proxy-Client-IP"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getRemoteAddr(); } return ip; }如果通过了多级反向代理的话,X-Forwarded-For的值并不止一个,而是一串ip值,其中哪个才是真正的用户端的真实IP呢?答案是取X-Forwarded-For中第一个非unknown的有效IP字符串。如:X-Forwarded-For:192.168.1.110, 192.168.1.120, 192.168.1.130, 192.168.1.100,用户真实IP为: 192.168.1.110如果朋友遇到以上问题,请多加注意. posted on 2013-12-31 12:53 阅读( ...) 评论( ...)